Annotation of embedaddon/libpdel/ppp/ppp_l2tp_server.c, revision 1.1.1.1
1.1 misho 1:
2: /*
3: * Copyright (c) 2001-2002 Packet Design, LLC.
4: * All rights reserved.
5: *
6: * Subject to the following obligations and disclaimer of warranty,
7: * use and redistribution of this software, in source or object code
8: * forms, with or without modifications are expressly permitted by
9: * Packet Design; provided, however, that:
10: *
11: * (i) Any and all reproductions of the source or object code
12: * must include the copyright notice above and the following
13: * disclaimer of warranties; and
14: * (ii) No rights are granted, in any manner or form, to use
15: * Packet Design trademarks, including the mark "PACKET DESIGN"
16: * on advertising, endorsements, or otherwise except as such
17: * appears in the above copyright notice or in the software.
18: *
19: * THIS SOFTWARE IS BEING PROVIDED BY PACKET DESIGN "AS IS", AND
20: * TO THE MAXIMUM EXTENT PERMITTED BY LAW, PACKET DESIGN MAKES NO
21: * REPRESENTATIONS OR WARRANTIES, EXPRESS OR IMPLIED, REGARDING
22: * THIS SOFTWARE, INCLUDING WITHOUT LIMITATION, ANY AND ALL IMPLIED
23: * WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE,
24: * OR NON-INFRINGEMENT. PACKET DESIGN DOES NOT WARRANT, GUARANTEE,
25: * OR MAKE ANY REPRESENTATIONS REGARDING THE USE OF, OR THE RESULTS
26: * OF THE USE OF THIS SOFTWARE IN TERMS OF ITS CORRECTNESS, ACCURACY,
27: * RELIABILITY OR OTHERWISE. IN NO EVENT SHALL PACKET DESIGN BE
28: * LIABLE FOR ANY DAMAGES RESULTING FROM OR ARISING OUT OF ANY USE
29: * OF THIS SOFTWARE, INCLUDING WITHOUT LIMITATION, ANY DIRECT,
30: * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, PUNITIVE, OR CONSEQUENTIAL
31: * DAMAGES, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES, LOSS OF
32: * USE, DATA OR PROFITS, HOWEVER CAUSED AND UNDER ANY THEORY OF
33: * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
34: * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
35: * THE USE OF THIS SOFTWARE, EVEN IF PACKET DESIGN IS ADVISED OF
36: * THE POSSIBILITY OF SUCH DAMAGE.
37: *
38: * Author: Archie Cobbs <archie@freebsd.org>
39: */
40:
41: #include "ppp/ppp_defs.h"
42: #include "ppp/ppp_log.h"
43: #include "ppp/ppp_engine.h"
44: #include "ppp/ppp_fsm_option.h"
45: #include "ppp/ppp_auth.h"
46: #include "ppp/ppp_lcp.h"
47: #include "ppp/ppp_link.h"
48: #include "ppp/ppp_channel.h"
49: #include "ppp/ppp_l2tp_avp.h"
50: #include "ppp/ppp_l2tp_server.h"
51: #include "ppp/ppp_l2tp_ctrl.h"
52:
53: #include <net/ethernet.h>
54: #include <netinet/in_systm.h>
55: #include <netinet/ip.h>
56: #include <netinet/udp.h>
57:
58: #include <netgraph/ng_ksocket.h>
59:
60: #define L2TP_MTYPE "ppp_l2tp"
61: #define L2TP_OUTPUT_MTYPE "ppp_l2tp.output"
62: #define L2TP_DEVICE_MTYPE "ppp_l2tp.device"
63: #define L2TP_PEER_MTYPE "ppp_l2tp.peer"
64:
65: /* Win2k is too stupid to handle changing the UDP port */
66: #define L2TP_CHANGE_PORT 0
67:
68: #if 0 /* win2k seems to require at least 1500 */
69: #define L2TP_MRU \
70: (ETHER_MAX_LEN /* standard ethernet frame */ \
71: - ETHER_CRC_LEN /* ethernet crc */ \
72: - ETHER_HDR_LEN /* ethernet header */ \
73: - sizeof(struct ip) /* ip header */ \
74: - sizeof(struct udp) /* udp header */ \
75: - 10 /* l2tp header */
76: - 2) /* ppp protocol field */
77: #else
78: #define L2TP_MRU LCP_DEFAULT_MRU
79: #endif
80:
81: #define L2TP_MRRU LCP_DEFAULT_MRRU
82:
83: /* L2TP server info */
84: struct ppp_l2tp_server {
85: struct ppp_l2tp_server_info info; /* client info */
86: struct ppp_log *log; /* ppp log */
87: struct ppp_engine *engine; /* ppp engine */
88: struct ghash *peers; /* active peers */
89: struct pevent_ctx *ev_ctx; /* event context */
90: pthread_mutex_t *mutex; /* mutex */
91: struct in_addr ip; /* server ip address */
92: u_int16_t port; /* server udp port */
93: int sock; /* udp listen socket */
94: struct pevent *sock_event; /* event context */
95: };
96:
97: /* We keep one of these for each control connection */
98: struct ppp_l2tp_peer {
99: struct ppp_l2tp_server *s; /* pointer to server */
100: struct ppp_l2tp_ctrl *ctrl; /* ctrl connection */
101: void *carg; /* client callbck arg */
102: struct ppp_l2tp_sess *sess; /* l2tp session */
103: struct ppp_channel *chan; /* pointer to channel */
104: struct ppp_auth_config auth; /* auth config */
105: char node[32]; /* node path */
106: char hook[NG_HOOKSIZ]; /* node hook */
107: char logname[32]; /* peer logname */
108: struct in_addr ip; /* peer ip address */
109: u_int16_t port; /* peer port */
110: u_char closed; /* closed by client */
111: };
112:
113: /* L2TP control callbacks */
114: static ppp_l2tp_ctrl_terminated_t ppp_l2tp_server_ctrl_terminated;
115: static ppp_l2tp_initiated_t ppp_l2tp_server_initiated;
116: static ppp_l2tp_connected_t ppp_l2tp_server_connected;
117: static ppp_l2tp_terminated_t ppp_l2tp_server_terminated;
118:
119: static const struct ppp_l2tp_ctrl_cb ppp_l2tp_server_ctrl_cb = {
120: ppp_l2tp_server_ctrl_terminated,
121: ppp_l2tp_server_initiated,
122: ppp_l2tp_server_connected,
123: ppp_l2tp_server_terminated,
124: NULL,
125: NULL,
126: };
127:
128: /* Device methods */
129: static ppp_channel_open_t ppp_l2tp_server_device_open;
130: static ppp_channel_close_t ppp_l2tp_server_device_close;
131: static ppp_channel_destroy_t ppp_l2tp_server_device_destroy;
132: static ppp_channel_free_output_t ppp_l2tp_server_device_free_output;
133: static ppp_channel_set_link_info_t ppp_l2tp_server_device_set_link_info;
134: static ppp_channel_get_origination_t ppp_l2tp_server_device_get_origination;
135: static ppp_channel_get_node_t ppp_l2tp_server_device_get_node;
136: static ppp_channel_get_hook_t ppp_l2tp_server_device_get_hook;
137: static ppp_channel_is_async_t ppp_l2tp_server_device_is_async;
138: static ppp_channel_get_mtu_t ppp_l2tp_server_device_get_mtu;
139: static ppp_channel_get_acfcomp_t ppp_l2tp_server_device_get_acfcomp;
140: static ppp_channel_get_pfcomp_t ppp_l2tp_server_device_get_pfcomp;
141:
142: static struct ppp_channel_meth ppp_l2tp_server_device_meth = {
143: ppp_l2tp_server_device_open,
144: ppp_l2tp_server_device_close,
145: ppp_l2tp_server_device_destroy,
146: ppp_l2tp_server_device_free_output,
147: ppp_l2tp_server_device_set_link_info,
148: ppp_l2tp_server_device_get_origination,
149: ppp_l2tp_server_device_get_node,
150: ppp_l2tp_server_device_get_hook,
151: ppp_l2tp_server_device_is_async,
152: ppp_l2tp_server_device_get_mtu,
153: ppp_l2tp_server_device_get_acfcomp,
154: ppp_l2tp_server_device_get_pfcomp,
155: };
156:
157: /* Other internal functions */
158: static int ppp_l2tp_server_new_sess(struct ppp_l2tp_peer *peer,
159: struct ppp_l2tp_sess *sess);
160: static void ppp_l2tp_server_destroy(struct ppp_l2tp_server **sp);
161: static void ppp_l2tp_server_peer_destroy(struct ppp_l2tp_peer **peerp);
162: static void ppp_l2tp_server_device_output(struct ppp_l2tp_peer *peer,
163: enum ppp_channeloutput type, ...);
164: static void ppp_l2tp_server_close_client(struct ppp_l2tp_peer *peer);
165:
166: static pevent_handler_t ppp_l2tp_server_sock_event;
167:
168: static const int one = 1;
169:
170: /* Macro for logging */
171: #define LOG(sev, fmt, args...) PPP_LOG(s->log, sev, fmt , ## args)
172:
173: /***********************************************************************
174: PUBLIC FUNCTIONS
175: ***********************************************************************/
176:
177: /*
178: * Start the L2TP server associated with a ppp engine.
179: */
180: int
181: ppp_l2tp_server_start(struct ppp_engine *engine,
182: const struct ppp_l2tp_server_info *info,
183: struct in_addr ip, u_int16_t port, u_int max_conn)
184: {
185: struct ppp_log *const elog = ppp_engine_get_log(engine);
186: struct sockaddr_in sin;
187: struct ppp_l2tp_server *s;
188:
189: /* Sanity */
190: if (engine == NULL || info->arg == NULL) {
191: errno = EINVAL;
192: return (-1);
193: }
194:
195: /* See if server already exists */
196: if ((s = ppp_engine_get_l2tp_server(engine)) != NULL) {
197: errno = EALREADY;
198: return (-1);
199: }
200:
201: /* Create new server */
202: if ((s = MALLOC(L2TP_MTYPE, sizeof(*s))) == NULL)
203: return (-1);
204: memset(s, 0, sizeof(*s));
205: s->engine = engine;
206: s->ev_ctx = ppp_engine_get_ev_ctx(engine);
207: s->mutex = ppp_engine_get_mutex(engine);
208: s->sock = -1;
209: s->log = ppp_log_dup(elog);
210: s->info = *info;
211: s->ip = ip;
212: s->port = (port != 0) ? port : L2TP_PORT;
213:
214: /* Create control connection hash table */
215: if ((s->peers = ghash_create(s, 0, 0,
216: L2TP_MTYPE, NULL, NULL, NULL, NULL)) == NULL) {
217: ppp_log_put(elog, LOG_ERR, "ghash_create: %m");
218: goto fail;
219: }
220:
221: /* Setup UDP socket that listens for new connections */
222: if ((s->sock = socket(PF_INET, SOCK_DGRAM, IPPROTO_UDP)) == -1) {
223: ppp_log_put(elog, LOG_ERR, "socket: %m");
224: goto fail;
225: }
226: if (setsockopt(s->sock, SOL_SOCKET,
227: SO_REUSEADDR, &one, sizeof(one)) == -1) {
228: ppp_log_put(elog, LOG_ERR, "setsockopt: %m");
229: goto fail;
230: }
231: if (setsockopt(s->sock, SOL_SOCKET,
232: SO_REUSEPORT, &one, sizeof(one)) == -1) {
233: ppp_log_put(elog, LOG_ERR, "setsockopt: %m");
234: goto fail;
235: }
236: memset(&sin, 0, sizeof(sin));
237: #ifndef __linux__
238: sin.sin_len = sizeof(sin);
239: #endif
240: sin.sin_family = AF_INET;
241: sin.sin_addr = ip;
242: sin.sin_port = htons(s->port);
243: if (bind(s->sock, (struct sockaddr *)&sin, sizeof(sin)) == -1) {
244: ppp_log_put(elog, LOG_ERR, "bind: %m");
245: goto fail;
246: }
247: if (pevent_register(s->ev_ctx, &s->sock_event, PEVENT_RECURRING,
248: s->mutex, ppp_l2tp_server_sock_event, s, PEVENT_READ,
249: s->sock) == -1) {
250: ppp_log_put(elog, LOG_ERR, "pevent_register: %m");
251: goto fail;
252: }
253:
254: /* Done */
255: ppp_engine_set_l2tp_server(engine, s);
256: return (0);
257:
258: fail:
259: /* Clean up after failure */
260: pevent_unregister(&s->sock_event);
261: if (s->sock != -1)
262: close(s->sock);
263: ghash_destroy(&s->peers);
264: FREE(L2TP_MTYPE, s);
265: return (-1);
266: }
267:
268: /*
269: * Stop the L2TP server associated with a ppp engine.
270: *
271: * We can't completely destroy it, because there may be L2TP devices
272: * in use by ppp_link's that still exist. The ppp_link's are responsible
273: * for destroying their devices, not us.
274: */
275: void
276: ppp_l2tp_server_stop(struct ppp_engine *engine)
277: {
278: struct ppp_l2tp_server *s;
279:
280: /* Get and clear L2TP server */
281: if ((s = ppp_engine_get_l2tp_server(engine)) == NULL)
282: return;
283: ppp_engine_set_l2tp_server(s->engine, NULL);
284:
285: /* Stop accepting new connections */
286: pevent_unregister(&s->sock_event);
287: (void)close(s->sock);
288: s->sock = -1;
289:
290: /* If there are no control connections, clean up now */
291: if (ghash_size(s->peers) == 0) {
292: ppp_l2tp_server_destroy(&s);
293: return;
294: }
295:
296: /* Destroy all control connections */
297: while (1) {
298: struct ppp_l2tp_peer *peer;
299: struct ghash_walk walk;
300:
301: ghash_walk_init(s->peers, &walk);
302: while ((peer = ghash_walk_next(s->peers, &walk)) != NULL) {
303:
304: /*
305: * Destroy control connection and session (if any).
306: * We do a 'close' before the 'destroy' to cause at
307: * least one StopCCN packet to be generated, in an
308: * attempt to be a little nicer to the peer.
309: */
310: if (peer->ctrl != NULL) {
311: ppp_l2tp_ctrl_shutdown(peer->ctrl,
312: L2TP_RESULT_SHUTDOWN, 0, NULL);
313: ppp_l2tp_ctrl_destroy(&peer->ctrl);
314: peer->sess = NULL;
315: }
316:
317: /* Notify client side peer is gone */
318: ppp_l2tp_server_close_client(peer);
319:
320: /* Destroy peer if it has no more references */
321: if (peer->chan == NULL) {
322: ppp_l2tp_server_peer_destroy(&peer);
323: break; /* restart; walk is invalid */
324: }
325: }
326: if (peer == NULL)
327: break;
328: }
329: }
330:
331: /*
332: * Destroy the L2TP server object.
333: */
334: static void
335: ppp_l2tp_server_destroy(struct ppp_l2tp_server **sp)
336: {
337: struct ppp_l2tp_server *const s = *sp;
338:
339: /* Sanity */
340: if (s == NULL)
341: return;
342: *sp = NULL;
343:
344: /* Deallocate */
345: assert(ghash_size(s->peers) == 0);
346: pevent_unregister(&s->sock_event);
347: (void)close(s->sock);
348: ghash_destroy(&s->peers);
349: ppp_log_close(&s->log);
350: FREE(L2TP_MTYPE, s);
351: }
352:
353: /*
354: * Close a L2TP connection.
355: */
356: void
357: ppp_l2tp_server_close(struct ppp_engine *engine, struct ppp_l2tp_peer **peerp)
358: {
359: struct ppp_l2tp_peer *const peer = *peerp;
360:
361: if (peer == NULL)
362: return;
363: *peerp = NULL;
364: peer->carg = NULL; /* don't call client 'destroy' method */
365: if (peer->chan != NULL)
366: ppp_l2tp_server_device_close(peer->chan);
367: }
368:
369: /*
370: * Get the client handle for the L2TP channel associated with a device.
371: */
372: void *
373: ppp_l2tp_server_get_client_info(struct ppp_channel *chan)
374: {
375: struct ppp_l2tp_peer *const peer = chan->priv;
376:
377: if (chan->meth != &ppp_l2tp_server_device_meth) {
378: errno = EINVAL;
379: return (NULL);
380: }
381: if (peer->carg == NULL)
382: errno = ENXIO;
383: return (peer->carg);
384: }
385:
386: /***********************************************************************
387: L2TP CONTROL CALLBACKS
388: ***********************************************************************/
389:
390: /*
391: * This is called when a control connection is terminated for any reason
392: * other than a call ppp_l2tp_ctrl_destroy().
393: */
394: static void
395: ppp_l2tp_server_ctrl_terminated(struct ppp_l2tp_ctrl *ctrl,
396: u_int16_t result, u_int16_t error, const char *errmsg)
397: {
398: struct ppp_l2tp_peer *peer = ppp_l2tp_ctrl_get_cookie(ctrl);
399: struct ppp_l2tp_server *const s = peer->s;
400:
401: /* Debugging */
402: LOG(LOG_DEBUG, "%s: invoked ctrl=%p errmsg=\"%s\"",
403: __FUNCTION__, ctrl, errmsg);
404:
405: /* Notify client side peer is gone */
406: ppp_l2tp_server_close_client(peer);
407:
408: /* There should be no session */
409: assert(peer->sess == NULL);
410: peer->ctrl = NULL;
411:
412: /* Destroy peer if it has no more references */
413: if (peer->chan == NULL)
414: ppp_l2tp_server_peer_destroy(&peer);
415: }
416:
417: /*
418: * This callback is used to report the peer's initiating a new incoming
419: * or outgoing call.
420: */
421: static void
422: ppp_l2tp_server_initiated(struct ppp_l2tp_ctrl *ctrl,
423: struct ppp_l2tp_sess *sess, int out,
424: const struct ppp_l2tp_avp_list *avps)
425: {
426: struct ppp_l2tp_peer *const peer = ppp_l2tp_ctrl_get_cookie(ctrl);
427: struct ppp_l2tp_server *const s = peer->s;
428:
429: /* Debugging */
430: LOG(LOG_DEBUG, "%s: invoked ctrl=%p sess=%p out=%d",
431: __FUNCTION__, ctrl, sess, out);
432:
433: /* If call is incoming, wait for peer to reply */
434: if (!out) {
435: ppp_l2tp_sess_set_cookie(sess, peer);
436: return;
437: }
438:
439: /* Accept call */
440: if (ppp_l2tp_server_new_sess(peer, sess) == -1) {
441: ppp_l2tp_terminate(sess, L2TP_RESULT_ERROR,
442: L2TP_ERROR_GENERIC, strerror(errno));
443: return;
444: }
445:
446: /* Notify control code */
447: ppp_l2tp_connected(sess, NULL);
448: }
449:
450: /*
451: * This callback is used to report successful connection of a remotely
452: * initiated incoming call (see ppp_l2tp_initiated_t) or a locally initiated
453: * outgoing call (see ppp_l2tp_initiate()).
454: */
455: static void
456: ppp_l2tp_server_connected(struct ppp_l2tp_sess *sess,
457: const struct ppp_l2tp_avp_list *avps)
458: {
459: struct ppp_l2tp_peer *const peer = ppp_l2tp_sess_get_cookie(sess);
460: struct ppp_l2tp_server *const s = peer->s;
461:
462: /* Debugging */
463: LOG(LOG_DEBUG, "%s: invoked sess=%p", __FUNCTION__, sess);
464:
465: /* Accept call */
466: if (ppp_l2tp_server_new_sess(peer, sess) == -1) {
467: ppp_l2tp_terminate(sess, L2TP_RESULT_ERROR,
468: L2TP_ERROR_GENERIC, strerror(errno));
469: return;
470: }
471: }
472:
473: /*
474: * This callback is called when any call, whether successfully connected
475: * or not, is terminated for any reason other than explict termination
476: * from the link side (via a call to either ppp_l2tp_terminate() or
477: * ppp_l2tp_ctrl_destroy()).
478: */
479: static void
480: ppp_l2tp_server_terminated(struct ppp_l2tp_sess *sess,
481: u_int16_t result, u_int16_t error, const char *errmsg)
482: {
483: struct ppp_l2tp_peer *const peer = ppp_l2tp_sess_get_cookie(sess);
484: struct ppp_l2tp_server *const s = peer->s;
485: char buf[128];
486:
487: /* Debugging */
488: LOG(LOG_DEBUG, "%s: invoked sess=%p", __FUNCTION__, sess);
489:
490: /* Sanity */
491: assert(peer->sess == NULL || peer->sess == sess);
492: assert(peer->ctrl != NULL);
493:
494: /* Control side is notifying us session is down */
495: peer->sess = NULL;
496: snprintf(buf, sizeof(buf), "result=%u error=%u errmsg=\"%s\"",
497: result, error, (errmsg != NULL) ? errmsg : "");
498: LOG(LOG_INFO, "call from %s terminated: %s", peer->logname, buf);
499:
500: /* Notify client side peer is gone */
501: ppp_l2tp_server_close_client(peer);
502:
503: /* Notify PPP stack session is down */
504: if (peer->chan != NULL) {
505: ppp_l2tp_server_device_output(peer,
506: PPP_CHANNEL_OUTPUT_DOWN_FATAL,
507: (errmsg != NULL) ? errmsg : "administratively closed");
508: }
509: }
510:
511: /***********************************************************************
512: INTERNAL FUNCTIONS
513: ***********************************************************************/
514:
515: /*
516: * Read an incoming packet that might be a new L2TP connection.
517: */
518: static void
519: ppp_l2tp_server_sock_event(void *arg)
520: {
521: struct ppp_l2tp_server *const s = arg;
522: struct ppp_l2tp_avp_list *avps = NULL;
523: struct ppp_l2tp_peer *peer = NULL;
524: #if !L2TP_CHANGE_PORT
525: union {
526: u_char buf[sizeof(struct ng_ksocket_sockopt) + sizeof(int)];
527: struct ng_ksocket_sockopt sockopt;
528: } sockopt_buf;
529: struct ng_ksocket_sockopt *const sockopt = &sockopt_buf.sockopt;
530: #endif
531: struct ppp_log *log = NULL;
532: struct ngm_connect connect;
533: struct ngm_rmhook rmhook;
534: struct ngm_mkpeer mkpeer;
535: struct sockaddr_in peer_sin;
536: struct sockaddr_in sin;
537: const size_t bufsize = 8192;
538: u_int16_t *buf = NULL;
539: char hook[NG_HOOKSIZ];
540: socklen_t sin_len;
541: char namebuf[64];
542: ng_ID_t node_id;
543: int csock = -1;
544: int dsock = -1;
545: int len;
546:
547: /* Allocate buffer */
548: if ((buf = MALLOC(TYPED_MEM_TEMP, bufsize)) == NULL) {
549: LOG(LOG_ERR, "malloc: %m");
550: goto fail;
551: }
552:
553: /* Read packet */
554: sin_len = sizeof(peer_sin);
555: if ((len = recvfrom(s->sock, buf, bufsize, 0,
556: (struct sockaddr *)&peer_sin, &sin_len)) == -1) {
557: LOG(LOG_ERR, "recvfrom: %m");
558: goto fail;
559: }
560:
561: /* Drop it if it's not an initial L2TP packet */
562: if (len < 12)
563: goto fail;
564: if ((ntohs(buf[0]) & 0xcb0f) != 0xc802 || ntohs(buf[1]) < 12
565: || buf[2] != 0 || buf[3] != 0 || buf[4] != 0 || buf[5] != 0)
566: goto fail;
567:
568: /* Create a new peer */
569: if ((peer = MALLOC(L2TP_PEER_MTYPE, sizeof(*peer))) == NULL) {
570: LOG(LOG_ERR, "malloc: %m");
571: return;
572: }
573: memset(peer, 0, sizeof(*peer));
574: peer->s = s;
575: peer->ip = peer_sin.sin_addr;
576: peer->port = ntohs(peer_sin.sin_port);
577:
578: /* Check with client library */
579: snprintf(peer->logname, sizeof(peer->logname), "%s:%u",
580: inet_ntoa(peer_sin.sin_addr), ntohs(peer_sin.sin_port));
581: if ((peer->carg = (*s->info.admit)(s->info.arg, peer,
582: peer->ip, peer->port, &peer->auth, peer->logname,
583: sizeof(peer->logname))) == NULL)
584: goto fail;
585:
586: /* Create vendor name AVP */
587: if (s->info.vendor != NULL) {
588: if ((avps = ppp_l2tp_avp_list_create()) == NULL) {
589: LOG(LOG_ERR, "%s: %m", "ppp_l2tp_avp_list_create");
590: goto fail;
591: }
592: if (ppp_l2tp_avp_list_append(avps, 1, 0, AVP_VENDOR_NAME,
593: s->info.vendor, strlen(s->info.vendor)) == -1) {
594: LOG(LOG_ERR, "%s: %m", "ppp_l2tp_avp_list_append");
595: goto fail;
596: }
597: }
598:
599: /* Create a log for the control connection */
600: if ((log = ppp_log_prefix(s->log, "%s: ", peer->logname)) == NULL) {
601: LOG(LOG_ERR, "%s: %m", "ppp_log_prefix");
602: goto fail;
603: }
604:
605: /* Create a new control connection */
606: if ((peer->ctrl = ppp_l2tp_ctrl_create(s->ev_ctx, s->mutex,
607: &ppp_l2tp_server_ctrl_cb, log, 0, ntohl(peer_sin.sin_addr.s_addr),
608: &node_id, hook, avps, NULL, 0)) == NULL) {
609: LOG(LOG_ERR, "%s: %m", "ppp_l2tp_ctrl_create");
610: goto fail;
611: }
612: ppp_l2tp_ctrl_set_cookie(peer->ctrl, peer);
613: log = NULL; /* log is consumed by control connection */
614:
615: /* Get a temporary netgraph socket node */
616: if (NgMkSockNode(NULL, &csock, &dsock) == -1) {
617: LOG(LOG_ERR, "%s: %m", "NgMkSockNode");
618: goto fail;
619: }
620:
621: /* Connect to l2tp netgraph node "lower" hook */
622: snprintf(namebuf, sizeof(namebuf), "[%lx]:", (u_long)node_id);
623: memset(&connect, 0, sizeof(connect));
624: strlcpy(connect.path, namebuf, sizeof(connect.path));
625: strlcpy(connect.ourhook, hook, sizeof(connect.ourhook));
626: strlcpy(connect.peerhook, hook, sizeof(connect.peerhook));
627: if (NgSendMsg(csock, ".", NGM_GENERIC_COOKIE,
628: NGM_CONNECT, &connect, sizeof(connect)) == -1) {
629: LOG(LOG_ERR, "%s: %m", "connect");
630: goto fail;
631: }
632:
633: /* Write the received packet to the node */
634: if (NgSendData(dsock, hook, (u_char *)buf, len) == -1) {
635: LOG(LOG_ERR, "%s: %m", "NgSendData");
636: goto fail;
637: }
638:
639: /* Disconnect from netgraph node "lower" hook */
640: memset(&rmhook, 0, sizeof(rmhook));
641: strlcpy(rmhook.ourhook, hook, sizeof(rmhook.ourhook));
642: if (NgSendMsg(csock, ".", NGM_GENERIC_COOKIE,
643: NGM_RMHOOK, &rmhook, sizeof(rmhook)) == -1) {
644: LOG(LOG_ERR, "%s: %m", "rmhook");
645: goto fail;
646: }
647:
648: /* Attach a new UDP socket to "lower" hook */
649: memset(&mkpeer, 0, sizeof(mkpeer));
650: strlcpy(mkpeer.type, NG_KSOCKET_NODE_TYPE, sizeof(mkpeer.type));
651: strlcpy(mkpeer.ourhook, hook, sizeof(mkpeer.ourhook));
652: strlcpy(mkpeer.peerhook, "inet/dgram/udp", sizeof(mkpeer.peerhook));
653: if (NgSendMsg(csock, namebuf, NGM_GENERIC_COOKIE,
654: NGM_MKPEER, &mkpeer, sizeof(mkpeer)) == -1) {
655: LOG(LOG_ERR, "%s: %m", "mkpeer");
656: goto fail;
657: }
658:
659: /* Point name at ksocket node */
660: strlcat(namebuf, hook, sizeof(namebuf));
661:
662: #if !L2TP_CHANGE_PORT
663: /* Make UDP port reusable */
664: memset(&sockopt_buf, 0, sizeof(sockopt_buf));
665: sockopt->level = SOL_SOCKET;
666: sockopt->name = SO_REUSEADDR;
667: memcpy(sockopt->value, &one, sizeof(int));
668: if (NgSendMsg(csock, namebuf, NGM_KSOCKET_COOKIE,
669: NGM_KSOCKET_SETOPT, sockopt, sizeof(sockopt_buf)) == -1) {
670: LOG(LOG_ERR, "%s: %m", "setsockopt");
671: goto fail;
672: }
673: sockopt->name = SO_REUSEPORT;
674: if (NgSendMsg(csock, namebuf, NGM_KSOCKET_COOKIE,
675: NGM_KSOCKET_SETOPT, sockopt, sizeof(sockopt_buf)) == -1) {
676: LOG(LOG_ERR, "%s: %m", "setsockopt");
677: goto fail;
678: }
679: #endif
680:
681: /* Bind socket to a new port */
682: memset(&sin, 0, sizeof(sin));
683: #ifndef __linux__
684: sin.sin_len = sizeof(sin);
685: #endif
686: sin.sin_family = AF_INET;
687: sin.sin_addr = s->ip;
688: #if L2TP_CHANGE_PORT
689: sin.sin_port = 0; /* "choose any free port" */
690: #else
691: sin.sin_port = htons(s->port);
692: #endif
693: if (NgSendMsg(csock, namebuf, NGM_KSOCKET_COOKIE,
694: NGM_KSOCKET_BIND, &sin, sizeof(sin)) == -1) {
695: LOG(LOG_ERR, "%s: %m", "bind");
696: goto fail;
697: }
698:
699: #if L2TP_CHANGE_PORT
700: /* Set up reverse NAT mapping for the new port */
701: if (s->info.natmap != NULL) {
702: struct ng_mesg *const reply = (struct ng_mesg *)buf;
703: struct sockaddr_in *const self_sin
704: = (struct sockaddr_in *)reply->data;
705:
706: /* Get kernel-assigned UDP port number */
707: if (NgSendMsg(csock, namebuf, NGM_KSOCKET_COOKIE,
708: NGM_KSOCKET_GETNAME, NULL, 0) == -1) {
709: LOG(LOG_ERR, "%s: %m", "getsockname");
710: goto fail;
711: }
712: if (NgRecvMsg(csock, reply, bufsize, NULL) == -1) {
713: LOG(LOG_ERR, "%s: %m", "recvmsg");
714: goto fail;
715: }
716: if ((*s->info.natmap)(s->info.arg, self_sin->sin_addr,
717: ntohs(self_sin->sin_port), s->port, peer_sin.sin_addr,
718: ntohs(peer_sin.sin_port)) == -1) {
719: LOG(LOG_ERR, "%s: %m", "can't reverse NAT map");
720: goto fail;
721: }
722: }
723: #endif
724:
725: /* Connect socket to remote peer's IP and port */
726: if (NgSendMsg(csock, namebuf, NGM_KSOCKET_COOKIE,
727: NGM_KSOCKET_CONNECT, &peer_sin, sizeof(peer_sin)) == -1
728: && errno != EINPROGRESS) {
729: LOG(LOG_ERR, "%s: %m", "connect");
730: goto fail;
731: }
732:
733: /* Add peer to our hash table */
734: if (ghash_put(s->peers, peer) == -1) {
735: LOG(LOG_ERR, "%s: %m", "ghash_put");
736: goto fail;
737: }
738:
739: /* Clean up and return */
740: ppp_l2tp_avp_list_destroy(&avps);
741: (void)close(csock);
742: (void)close(dsock);
743: FREE(TYPED_MEM_TEMP, buf);
744: return;
745:
746: fail:
747: /* Clean up after failure */
748: if (csock != -1)
749: (void)close(csock);
750: if (dsock != -1)
751: (void)close(dsock);
752: if (peer != NULL) {
753: ppp_l2tp_server_close_client(peer);
754: ppp_l2tp_ctrl_destroy(&peer->ctrl);
755: FREE(L2TP_PEER_MTYPE, peer);
756: }
757: ppp_l2tp_avp_list_destroy(&avps);
758: ppp_log_close(&log);
759: FREE(TYPED_MEM_TEMP, buf);
760: }
761:
762: /*
763: * Create a new L2TP peer object corresponding to a L2TP channel
764: * and start up a new PPP link/bundle.
765: */
766: static int
767: ppp_l2tp_server_new_sess(struct ppp_l2tp_peer *peer, struct ppp_l2tp_sess *sess)
768: {
769: struct ppp_l2tp_server *const s = peer->s;
770: struct ppp_link_config link_config;
771: struct ppp_log *log = NULL;
772: const char *hook;
773: ng_ID_t node_id;
774: int esave;
775:
776: /* We allow only one session per control connection */
777: if (peer->sess != NULL) {
778: errno = EALREADY;
779: return (-1);
780: }
781:
782: /* Get this link's node and hook */
783: ppp_l2tp_sess_get_hook(sess, &node_id, &hook);
784: snprintf(peer->node, sizeof(peer->node), "[%lx]:", (u_long)node_id);
785: strlcpy(peer->hook, hook, sizeof(peer->hook));
786:
787: /* Create a new PPP device for this session */
788: if ((peer->chan = MALLOC(L2TP_DEVICE_MTYPE,
789: sizeof(*peer->chan))) == NULL) {
790: LOG(LOG_ERR, "can't allocate new channel: %m");
791: goto fail;
792: }
793: memset(peer->chan, 0, sizeof(*peer->chan));
794: peer->chan->meth = &ppp_l2tp_server_device_meth;
795: peer->chan->priv = peer;
796:
797: /* Create device output message port */
798: if ((peer->chan->outport
799: = mesg_port_create("ppp_l2tp_server")) == NULL) {
800: LOG(LOG_ERR, "can't create mesg_port: %m");
801: goto fail;
802: }
803:
804: /* Create log for the new PPP link by prefixing the engine's log */
805: if ((log = ppp_engine_get_log(s->engine)) != NULL
806: && (log = ppp_log_prefix(log, "%s: ", peer->logname)) == NULL) {
807: LOG(LOG_ERR, "can't create link log: %m");
808: goto fail;
809: }
810:
811: /* Configure the new PPP link */
812: memset(&link_config, 0, sizeof(link_config));
813: link_config.auth = peer->auth;
814: link_config.max_self_mru = L2TP_MRU;
815: link_config.max_self_mrru = L2TP_MRRU;
816: link_config.multilink = 1;
817: link_config.eid.class = PPP_EID_CLASS_IP;
818: link_config.eid.length = sizeof(s->ip);
819: memcpy(link_config.eid.value, &s->ip, sizeof(s->ip));
820:
821: /* Add new link to the PPP engine */
822: if (ppp_link_create(s->engine, peer->chan, &link_config, log) == -1) {
823: LOG(LOG_ERR, "can't create link: %m");
824: goto fail;
825: }
826: log = NULL;
827:
828: /* Notify PPP engine link is up */
829: ppp_l2tp_server_device_output(peer, PPP_CHANNEL_OUTPUT_UP);
830:
831: /* Done */
832: peer->sess = sess;
833: return (0);
834:
835: fail:
836: /* Clean up after failure */
837: esave = errno;
838: ppp_log_close(&log);
839: if (peer->chan != NULL) {
840: if (peer->chan->outport != NULL)
841: mesg_port_destroy(&peer->chan->outport);
842: FREE(L2TP_DEVICE_MTYPE, peer->chan);
843: }
844: errno = esave;
845: return (-1);
846: }
847:
848: /*
849: * Output indication from the device.
850: */
851: static void
852: ppp_l2tp_server_device_output(struct ppp_l2tp_peer *peer,
853: enum ppp_channeloutput type, ...)
854: {
855: struct ppp_l2tp_server *const s = peer->s;
856: struct ppp_channel_output *output;
857:
858: /* Get output object */
859: if ((output = MALLOC(L2TP_OUTPUT_MTYPE, sizeof(*output))) == NULL) {
860: LOG(LOG_ERR, "can't create l2tp output: %m");
861: return;
862: }
863: memset(output, 0, sizeof(*output));
864: output->type = type;
865:
866: /* Get extra args */
867: switch (output->type) {
868: case PPP_CHANNEL_OUTPUT_DOWN_FATAL:
869: case PPP_CHANNEL_OUTPUT_DOWN_NONFATAL:
870: {
871: const char *msg;
872: va_list args;
873:
874: /* Get string message */
875: va_start(args, type);
876: msg = va_arg(args, const char *);
877: va_end(args);
878: if ((output->info = STRDUP(L2TP_OUTPUT_MTYPE, msg)) == NULL) {
879: LOG(LOG_ERR, "can't create l2tp output: %m");
880: FREE(L2TP_OUTPUT_MTYPE, output);
881: return;
882: }
883: break;
884: }
885: case PPP_CHANNEL_OUTPUT_UP:
886: break;
887: }
888:
889: /* Send message */
890: if (mesg_port_put(peer->chan->outport, output) == -1) {
891: LOG(LOG_ERR, "can't send l2tp output: %m");
892: ppp_l2tp_server_device_free_output(peer->chan, output);
893: return;
894: }
895: }
896:
897: /*
898: * Notify client code that connection is gone.
899: * Make sure that we only do this once however.
900: */
901: static void
902: ppp_l2tp_server_close_client(struct ppp_l2tp_peer *peer)
903: {
904: struct ppp_l2tp_server *const s = peer->s;
905: void *const peer_carg = peer->carg;
906:
907: if (peer_carg == NULL)
908: return;
909: peer->carg = NULL;
910: (*s->info.destroy)(s->info.arg, peer_carg);
911: }
912:
913: /*
914: * Destroy a peer.
915: */
916: static void
917: ppp_l2tp_server_peer_destroy(struct ppp_l2tp_peer **peerp)
918: {
919: struct ppp_l2tp_peer *peer = *peerp;
920: struct ppp_l2tp_server *s;
921:
922: /* Sanity checks */
923: if (peer == NULL)
924: return;
925: *peerp = NULL;
926: assert(peer->ctrl == NULL);
927: assert(peer->sess == NULL);
928: assert(peer->chan == NULL);
929:
930: /* Destroy peer */
931: s = peer->s;
932: ghash_remove(s->peers, peer);
933: FREE(L2TP_PEER_MTYPE, peer);
934:
935: /* Destroy server if shutting down and no more peers left */
936: if (s->sock == -1 && ghash_size(s->peers) == 0)
937: ppp_l2tp_server_destroy(&s);
938: }
939:
940: /***********************************************************************
941: L2TP DEVICE METHODS
942: ***********************************************************************/
943:
944: static void
945: ppp_l2tp_server_device_open(struct ppp_channel *chan)
946: {
947: return;
948: }
949:
950: static void
951: ppp_l2tp_server_device_close(struct ppp_channel *chan)
952: {
953: struct ppp_l2tp_peer *const peer = chan->priv;
954: struct ppp_l2tp_server *const s = peer->s;
955:
956: /* Logging */
957: if (!peer->closed) {
958: LOG(LOG_INFO, "closing L2TP connection with %s", peer->logname);
959: peer->closed = 1;
960: }
961:
962: /* Terminate the L2TP channel */
963: if (peer->sess != NULL) {
964: ppp_l2tp_terminate(peer->sess, L2TP_RESULT_ADMIN, 0, NULL);
965: peer->sess = NULL;
966: }
967:
968: /* Notify upper layers link is down */
969: ppp_l2tp_server_device_output(peer,
970: PPP_CHANNEL_OUTPUT_DOWN_FATAL, "administratively closed");
971: }
972:
973: static void
974: ppp_l2tp_server_device_destroy(struct ppp_channel **chanp)
975: {
976: struct ppp_channel *const chan = *chanp;
977: struct ppp_channel_output *output;
978: struct ppp_l2tp_peer *peer;
979: struct ppp_l2tp_server *s;
980:
981: /* Sanity */
982: if (chan == NULL)
983: return;
984: *chanp = NULL;
985: peer = chan->priv;
986: assert(peer->chan == chan);
987: s = peer->s;
988:
989: /* Close client code's side of the device */
990: ppp_l2tp_server_close_client(peer);
991:
992: /* Terminate the L2TP channel */
993: if (peer->sess != NULL) {
994: ppp_l2tp_terminate(peer->sess, L2TP_RESULT_ADMIN, 0, NULL);
995: peer->sess = NULL;
996: }
997:
998: /* Destroy the device object */
999: while ((output = mesg_port_get(chan->outport, 0)) != NULL)
1000: ppp_l2tp_server_device_free_output(chan, output);
1001: mesg_port_destroy(&chan->outport);
1002: FREE(L2TP_DEVICE_MTYPE, chan);
1003: peer->chan = NULL;
1004:
1005: /* Destroy peer if it has no more references */
1006: if (peer->ctrl == NULL)
1007: ppp_l2tp_server_peer_destroy(&peer);
1008: }
1009:
1010: static void
1011: ppp_l2tp_server_device_free_output(struct ppp_channel *chan,
1012: struct ppp_channel_output *output)
1013: {
1014: FREE(L2TP_OUTPUT_MTYPE, output->info);
1015: FREE(L2TP_OUTPUT_MTYPE, output);
1016: }
1017:
1018: static void
1019: ppp_l2tp_server_device_set_link_info(struct ppp_channel *chan, u_int32_t accm)
1020: {
1021: /* XXX implement me? */
1022: }
1023:
1024: static int
1025: ppp_l2tp_server_device_get_origination(struct ppp_channel *chan)
1026: {
1027: return (PPP_PEER); /* we don't initiate any calls ourself */
1028: }
1029:
1030: static const char *
1031: ppp_l2tp_server_device_get_node(struct ppp_channel *chan)
1032: {
1033: struct ppp_l2tp_peer *const peer = chan->priv;
1034:
1035: return (peer->node);
1036: }
1037:
1038: static const char *
1039: ppp_l2tp_server_device_get_hook(struct ppp_channel *chan)
1040: {
1041: struct ppp_l2tp_peer *const peer = chan->priv;
1042:
1043: return (peer->hook);
1044: }
1045:
1046: static int
1047: ppp_l2tp_server_device_is_async(struct ppp_channel *chan)
1048: {
1049: return (0);
1050: }
1051:
1052: static u_int
1053: ppp_l2tp_server_device_get_mtu(struct ppp_channel *chan)
1054: {
1055: return (L2TP_MRU);
1056: }
1057:
1058: static int
1059: ppp_l2tp_server_device_get_acfcomp(struct ppp_channel *chan)
1060: {
1061: return (1);
1062: }
1063:
1064: static int
1065: ppp_l2tp_server_device_get_pfcomp(struct ppp_channel *chan)
1066: {
1067: return (1);
1068: }
1069:
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to ppp_l2tp_server.c CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / libpdel / ppp